Federal overview claims Dominion software flaws haven’t been exploited in elections


Federal cybersecurity officials have verified there are computer software vulnerabilities in selected ballot-marking equipment created by Dominion Voting Devices, found during a controversial Ga court circumstance, which could in concept permit a malicious actor to tamper with the gadgets, in accordance to a draft evaluation reviewed by CNN.

The vulnerabilities have in no way been exploited in an election and carrying out so would have to have actual physical entry to voting machines or other extraordinary requirements typical election security methods stop, according to the examination from the US Cybersecurity and Infrastructure Stability Agency.

But simply because the topic is Dominion voting devices, which has been the focus on of conspiracy theorists who falsely declare there was big-scale fraud in the 2020 election, federal and condition and nearby officers are bracing for election deniers to try to weaponize news of the vulnerabilities in advance of midterm elections.

“While these vulnerabilities existing risks that must be instantly mitigated, CISA has no proof that these vulnerabilities have been exploited in any elections,” reads the draft CISA advisory, which the company shared in a briefing with point out and nearby officials on Friday.

The Washington Submit initial documented on the CISA advisory.

In planning for the disclosure of the program vulnerabilities, CISA on Friday updated its “Rumor Command” web site, which it used to rebut promises of election fraud all through the 2020 election, with a new entry.

“The existence of a vulnerability in election technological know-how is not proof that the vulnerability has been exploited or that the results of an election have been impacted,” the new Rumor Command posting reads.

The vulnerabilities influence a type of Dominion ballot-marking product regarded as the Democracy Suite ImageCast X, in accordance to the CISA advisory, that is only made use of in sure states.

“We are performing carefully with election officers to enable them deal with these vulnerabilities and assure the continued safety and resilience of US election infrastructure,” CISA Govt Director Brandon Wales explained in a statement to CNN. “Of note, states’ typical election safety strategies would detect exploitation of these vulnerabilities and in many circumstances would prevent attempts entirely. This will make it quite unlikely that these vulnerabilities could impact an election.”

The CISA examination is of a safety assessment of Dominion Voting Systems’ ballot-marking equipment finished by a University of Michigan computer system scientist at the behest of plaintiffs in a long-managing lawsuit in opposition to Georgia’s Secretary of Condition.

The computer system scientist, J. Alex Halderman, was supplied bodily access in excess of various weeks to the Dominion ballot-marking devices, which print out a ballot just after voters make their selection on a touch display screen.

Halderman’s report is continue to under seal with the court.

But in accordance to Halderman and men and women who have noticed the report, it statements to exhibit how the software flaws could be used to alter QR codes printed by the ballot-marking units, so those people codes do not match the vote recorded by the voter. Postelection audits, which compare paper trails with votes recorded on equipment, could catch the discrepancy.

The mother nature of computing usually means all software program has vulnerabilities if you search carefully more than enough, and software made use of in elections is no distinctive. But election gurus say bodily obtain controls and other layers of protection, alongside with postelection audits, enable mitigate the risk of votes remaining manipulated through cyberattacks.

The CISA warning notes most jurisdictions using the machines analyzed by now have adapted the mitigations advisable by the company. Dominion has provided updates to machines to tackle the vulnerability, a person particular person briefed on the issue claimed.

CNN has reached out to Dominion for comment.

Separately, the Georgia’s Secretary of State’s business office unveiled a assertion Friday on a overview of the state’s election devices carried out by Mitre Corp., a federally funded nonprofit. Whilst the Mitre report has not been made public, Gabriel Sterling, Georgia’s deputy Secretary of Condition, said in a statement Friday the report confirmed “existing procedural safeguards make it very unlikely for any bad actor to actually exploit any vulnerabilities.”